Donathan | 21.07.2012 14:42 | RKIT/agent.depg.1 in BAcroIEHelpe171.dll
EDIT: Actual thread title: RKIT/agent.depg.1 in BAcroIEHelpe171.dll
I couldn't post it under that title, though; it was rejected as "too unspecific".
Hey Board!
So now I've been hit by the Trojan too :(
Anti-Malware: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.21.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
hanebüchen :: <USER> [Administrator]
21.07.2012 14:35:29
mbam-log-2012-07-21 (15-28-05).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343390
Laufzeit: 49 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\hanebüchen\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Users\hanebüchen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\55d7f9af-1256256a (Backdoor.Bot) -> Keine Aktion durchgeführt.
C:\Users\hanebüchen\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\hanebüchen\Downloads\SoftonicDownloader_fuer_meat-boy.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\hanebüchen\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.
(Ende)
OTL: Code:
OTL logfile created on: 21.07.2012 15:31:00 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\hanebüchen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 42,92% Memory free
8,00 Gb Paging File | 5,46 Gb Available in Paging File | 68,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 357,86 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: HANEBÜCHEN-PC | User Name: hanebüchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\hanebüchen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\hanebüchen\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\SysWOW64\TSTheme.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll ()
MOD - C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtGui4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtCore4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe (SiSoftware)
========== Driver Services (SafeList) ==========
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={BDFC3690-267A-11E1-AAC4-0024217AA999}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchya.com/?chnl=ft-100&s=0&cr=1179406793&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzytB0EtDtC0FyDtDyE0E0EtN0D0TzutBtDtCtBtDtBtBtA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 76 E7 D4 6C B3 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {29048FA3-68A5-48ED-B6AE-BEBA51D6B9A5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{29048FA3-68A5-48ED-B6AE-BEBA51D6B9A5}: "URL" = hxxp://searchya.com/?chnl=ft-100&s=1&cr=1179406793&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzytB0EtDtC0FyDtDyE0E0EtN0D0TzutBtDtCtBtDtBtBtA&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={BDFC3690-267A-11E1-AAC4-0024217AA999}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "TenchisTV Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://searchya.com"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:3.3.0.19
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\hanebüchen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.02 22:41:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.02 22:41:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 19:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\hanebüchen\AppData\Roaming\13001.028 [2012.07.21 14:02:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 19:49:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.01.14 00:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Extensions
[2012.06.15 15:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions
[2012.03.28 23:06:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.16 14:34:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.20 19:11:48 | 000,000,000 | ---D | M] (TenchisTV Community Toolbar) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
[2011.12.14 19:40:51 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.13 20:50:36 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\ffxtlbr@Facemoods.com
[2012.02.23 03:24:37 | 000,000,000 | ---D | M] (searchya.com) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\ffxtlbr@searchya.com
[2011.02.02 16:26:46 | 000,000,921 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\conduit.xml
[2012.07.11 21:19:09 | 000,000,950 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\icqplugin-1.xml
[2011.02.04 21:54:50 | 000,001,056 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\icqplugin.xml
[2012.02.23 02:02:30 | 000,001,497 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\searchya.xml
[2011.12.14 19:40:45 | 000,003,915 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\sweetim.xml
[2012.03.18 15:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.11 13:31:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{ECE24DCF-8548-4655-B392-47A388721482}
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\FFXTLBR@SEARCHYA.COM
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.16 19:49:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.25 23:46:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.25 23:46:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.25 23:46:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.13 20:50:36 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.04.25 23:46:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.25 23:46:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.25 23:46:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [fedja] C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\hanebüchen\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Userinit] C:\Users\hanebüchen\AppData\Roaming\appconf32.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hanebüchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hanebüchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F946994-739F-4636-80FC-7D1839251284}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{27d73e07-1f5d-11e0-8da6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27d73e07-1f5d-11e0-8da6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe
O33 - MountPoints2\{9b5a6239-ed96-11e0-86bc-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{9b5a6239-ed96-11e0-86bc-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{9b5a623e-ed96-11e0-86bc-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{9b5a623e-ed96-11e0-86bc-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{ba22721a-ed24-11e0-b67f-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{ba22721a-ed24-11e0-b67f-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{ba227222-ed24-11e0-b67f-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{ba227222-ed24-11e0-b67f-0024217aa999}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.21 14:33:53 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\Malwarebytes
[2012.07.21 14:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.21 14:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.21 14:33:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.21 14:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.21 14:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.07.21 14:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.21 14:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.21 14:12:54 | 000,000,000 | ---D | C] -- C:\avrescue
[2012.07.21 14:02:51 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.028
[2012.07.18 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.027
[2012.07.17 18:47:35 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\Desktop\Kaspersky Rescue2Usb
[2012.07.17 18:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012.07.17 18:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012.07.17 18:34:48 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.026
[2012.07.14 21:08:40 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.025
[2012.07.13 20:28:58 | 000,000,000 | ---D | C] -- C:\xmldm
[2012.07.13 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.024
[2012.07.13 13:04:28 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.023
[2012.07.11 21:07:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 21:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 21:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 21:06:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 21:06:46 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.022
[2012.07.11 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\UAs
[2012.07.10 21:21:48 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.021
[2012.07.10 21:21:28 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\xmldm
[2012.07.10 21:21:20 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\kock
[2012.07.09 22:59:59 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\Desktop\MOBILE_MP4
[2012.07.09 22:58:13 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.07.09 22:58:13 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.07.09 22:58:13 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.07.09 22:58:13 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.07.09 22:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.07.09 22:56:07 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.07.09 22:56:07 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.07.09 22:56:07 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012.07.09 22:56:07 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012.07.09 22:56:07 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012.07.09 22:56:07 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012.07.09 22:56:07 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012.07.09 22:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012.07.09 22:56:06 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012.07.09 22:56:06 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012.07.09 22:56:06 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012.07.09 22:56:06 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012.07.09 22:56:06 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012.07.09 22:56:05 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012.07.09 22:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.07.01 14:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.01 14:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.07.01 14:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.01 14:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.06.22 18:10:44 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 18:10:44 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 18:10:44 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 18:10:29 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 18:10:29 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 18:10:29 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 18:10:13 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 18:10:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\hanebüchen\AppData\Roaming\*.tmp files -> C:\Users\hanebüchen\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.21 15:30:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.21 14:33:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.21 14:07:12 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 14:07:12 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 14:03:09 | 000,268,992 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.21 14:03:09 | 000,006,400 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.21 14:02:44 | 000,000,034 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\blckdom.res
[2012.07.21 13:58:39 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.21 13:58:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.21 13:58:02 | 3220,619,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 12:36:37 | 000,006,400 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe171.dll
[2012.07.17 18:48:51 | 210,292,736 | ---- | M] () -- C:\Users\hanebüchen\Desktop\KWU_1.0.3.upd.iso
[2012.07.17 18:47:30 | 000,001,062 | ---- | M] () -- C:\Users\hanebüchen\Desktop\Optimizer Pro.lnk
[2012.07.17 18:46:29 | 000,965,888 | ---- | M] () -- C:\Users\hanebüchen\Desktop\Kaspersky-USB-Rescue-Disk-Maker-Setup.exe
[2012.07.12 09:21:51 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 20:59:48 | 325,745,326 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.08 20:24:27 | 090,236,421 | ---- | M] () -- C:\Users\hanebüchen\Desktop\IMG_0169.MOV
[2012.07.07 00:27:44 | 003,110,750 | ---- | M] () -- C:\Users\hanebüchen\Desktop\CASPER x HALBE MILLE.mp3
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 20:17:34 | 000,233,450 | ---- | M] () -- C:\Users\hanebüchen\Desktop\IMG_0154.PNG
[2012.07.01 19:58:35 | 000,082,009 | ---- | M] () -- C:\Users\hanebüchen\Desktop\IMG_0152.JPG
[2012.06.22 19:41:57 | 003,876,963 | ---- | M] () -- C:\Users\hanebüchen\Desktop\J Cole in The Morning Lyrics.mp3
[2012.06.22 19:39:23 | 004,003,433 | ---- | M] () -- C:\Users\hanebüchen\Desktop\J. Cole - Lost Ones (Lyrics).mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\hanebüchen\AppData\Roaming\*.tmp files -> C:\Users\hanebüchen\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.21 14:33:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.21 14:03:09 | 000,268,992 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.21 14:03:09 | 000,006,400 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.21 14:02:44 | 000,000,034 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\blckdom.res
[2012.07.18 12:36:37 | 000,006,400 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe171.dll
[2012.07.17 18:48:50 | 210,292,736 | ---- | C] () -- C:\Users\hanebüchen\Desktop\KWU_1.0.3.upd.iso
[2012.07.17 18:47:30 | 000,001,062 | ---- | C] () -- C:\Users\hanebüchen\Desktop\Optimizer Pro.lnk
[2012.07.17 18:46:26 | 000,965,888 | ---- | C] () -- C:\Users\hanebüchen\Desktop\Kaspersky-USB-Rescue-Disk-Maker-Setup.exe
[2012.07.09 22:58:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.07.09 22:56:07 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012.07.09 22:56:07 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.07.09 22:56:06 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2012.07.09 22:56:06 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012.07.09 22:56:06 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012.07.09 22:56:06 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012.07.09 22:56:06 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012.07.09 22:56:06 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012.07.09 22:56:06 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012.07.09 22:56:05 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012.07.09 22:56:05 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012.07.08 20:29:55 | 090,236,421 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0169.MOV
[2012.07.07 00:27:33 | 003,110,750 | ---- | C] () -- C:\Users\hanebüchen\Desktop\CASPER x HALBE MILLE.mp3
[2012.07.01 20:20:09 | 000,082,009 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0152.JPG
[2012.07.01 20:18:27 | 000,233,450 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0154.PNG
[2012.06.22 19:41:42 | 003,876,963 | ---- | C] () -- C:\Users\hanebüchen\Desktop\J Cole in The Morning Lyrics.mp3
[2012.06.22 19:39:09 | 004,003,433 | ---- | C] () -- C:\Users\hanebüchen\Desktop\J. Cole - Lost Ones (Lyrics).mp3
[2012.06.22 12:43:24 | 001,147,459 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0092.JPG
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.24 02:50:19 | 000,069,548 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\icarus-dxdiag.xml
[2012.02.23 02:02:36 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.10 19:00:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.27 21:30:42 | 011,366,400 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\Sandra.mdb
[2012.01.22 02:32:01 | 000,000,000 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.01.05 21:24:09 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{390206F0-C60C-4045-8999-D6FC20FD1176}
[2011.10.23 14:08:43 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{BA64E7C5-9A62-409C-854D-737BF9C30F75}
[2011.10.20 19:47:14 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{D1CA7396-9E07-4F70-BA7C-21062883FB9E}
[2011.10.19 09:26:24 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{6B0AEDEC-CC7E-4679-8D5F-2F191DBE7FC6}
[2011.10.18 09:28:09 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{D7ED4401-6FC0-4B10-B972-89334F2337C7}
[2011.10.14 08:27:14 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{D6331676-AD31-4416-8576-B4A192F45961}
[2011.10.13 22:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.10.07 11:35:24 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{BB44AB02-A155-4DF4-80E0-9C958FC16910}
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.06 17:31:06 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.01.14 01:22:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.09 17:23:13 | 000,051,152 | RHS- | C] () -- C:\Users\hanebüchen\AppData\Roaming\appconf32.exe
< End of report >
OTL EXTRAS: Code:
OTL Extras logfile created on: 21.07.2012 15:31:00 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\hanebüchen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 42,92% Memory free
8,00 Gb Paging File | 5,46 Gb Available in Paging File | 68,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 357,86 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: HANEBÜCHEN-PC | User Name: hanebüchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DAF7C8-36D5-47DF-AB96-DDFCD0136670}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{086EC40A-CE73-4347-8B64-C0BEE4F61E4B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A43AE46-2A59-490E-81A8-BCD7F94A2088}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{11414669-2EAE-437A-A655-08E8F8E46953}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2521C543-6672-4127-A6F0-E4337E5EB7DC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2EA103D7-99EC-44A6-906E-8E0C394D20FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{2EA2E9B6-2337-4FCF-82C5-E7EEABBD323A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{37A79387-BF46-4F53-AC30-52F6F9323DCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3A66E529-1AF3-4778-A0B9-FC40B9A7B3CA}" = rport=445 | protocol=6 | dir=out | app=system |
"{51263C83-3543-4A52-A376-D34B83B76EB4}" = lport=445 | protocol=6 | dir=in | app=system |
"{51CC6CBA-4A30-4BFF-8214-35AE31CE68CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56E0F830-79ED-422C-9110-EDA8045D4E26}" = lport=139 | protocol=6 | dir=in | app=system |
"{5C3E98A4-6D11-4738-AF03-37AABAF40727}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F3E2D89-458F-4FED-89AC-A3B074144256}" = lport=137 | protocol=17 | dir=in | app=system |
"{5FE1526B-4FE4-4D9A-B0DA-CAEB0E6AB5C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C70194E-A486-46CA-8B06-25969CD9C04D}" = rport=139 | protocol=6 | dir=out | app=system |
"{738994B9-DC55-4C84-9BF8-FC5CE17643E2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7BA3B8EA-E2D7-4B69-BFB6-50BE152E8D8C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82BCC8A4-01DD-48F7-98CF-2645F4F1907B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B5CB794-1F34-4594-87EF-F10433E6B788}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1c\wnt500x64\rpcsandrasrv.exe |
"{8B7A5575-A48F-4DEE-8465-29078C5BA646}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1c\rpcagentsrv.exe |
"{A6462CC2-8FB6-40A0-A328-0B72179EC461}" = lport=138 | protocol=17 | dir=in | app=system |
"{B559D9EB-3D9E-4FE0-8CB9-9DEA5EFC65D0}" = rport=138 | protocol=17 | dir=out | app=system |
"{B9E12DAB-F26D-4048-9084-18B40797CC93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C05CF4AC-89B3-4349-BA4B-B6E3097C90C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E85479E8-2CB8-44BE-9E8B-58AAE3CB8DFF}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0290484E-D718-4426-AA2A-3154BC85F03E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{0801C795-9121-49F5-AC1B-9274F3AF5D8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08215A4F-8053-4829-8AAE-13AD52C04153}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{08DAC84F-E330-4BB1-BE69-51F47DF295FD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0BCB5801-E5AB-4287-9FEC-D1175D34C3EA}" = protocol=6 | dir=out | app=system |
"{0CF0D2B9-7B2D-405A-B360-24ABF99F69DA}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{14968090-2C92-4280-9273-74C13D1BA764}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{15D9820F-CD1B-4BA6-95EB-1D5B9AAEB8CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18491FC7-234A-4350-B21B-5C8B959AC210}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{19555B8A-F7BE-485A-A6FB-9DEE0936C10E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E9D9F56-00CE-4FEA-BFA9-E76498558EFF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{20BBE0DF-8833-4251-A4FF-8D4701834A8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\garrysmod\hl2.exe |
"{27A9AF47-3191-464A-BE4E-CE1C9273A964}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{30419D49-C654-43D0-A12B-6F738570F9F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{376E6E32-6C6C-4E46-9DEB-4AFE9A656FCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{393E06FA-99AB-417E-93F8-C4B712164E69}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{3953107E-185F-4C1E-B281-3362CB8A053A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{3BCCDE3C-0F7C-45E3-B1B3-043EA81DAE9A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{3CF398CA-F86E-48A6-881A-93A3FBB1D0C3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4183FFB1-6506-493F-AAB2-97F1EB971845}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{41A3C1A0-EC1F-4FAC-A360-35573E5ED0AD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{420E34FB-21F4-447B-8C65-0E78715C697E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{45B50E0C-289B-4E66-944C-324C82B9E7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{4A58D5CC-241F-4994-911A-5A5BC757638A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4BB4D846-4320-4A9F-8488-DC05FF37FCDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\garrysmod\hl2.exe |
"{50559C52-63EF-42F1-B84D-2D3E64BC6AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{52B2BC4D-15F3-437B-9A80-DC94CA5FCE59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\counter-strike source\hl2.exe |
"{54874072-7C06-4A21-9452-406D7D872A82}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{574BCFCC-02DA-4822-AB34-F443B495E0DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57712A18-D97F-4591-A427-D4A69104B8E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{5DE8FB6F-0A13-4ADE-A36C-47A96FD3714E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\launcher.exe |
"{5FCA8728-796F-449B-BEA3-DECA5063046B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{63BD1307-AD0A-479D-BE24-AB18EABE9C1F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{67D081C7-EC5E-4C59-BD7E-41D0F5BFB53D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{77C10D7C-531D-4644-8A96-192FE125C58B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B220429-0B33-46E0-89A5-6907C6DC3CC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{83D14D8D-60A4-4BB4-806F-822B804974F1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{889DF2E5-EB44-48B1-9FEC-178B6AEC55B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\counter-strike source\hl2.exe |
"{89AC8CC6-35EE-4A48-B63E-927186F9DC30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F49916A-832F-4F0B-9DA6-4B7D2BC2EEBB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92E367E8-268D-46A6-BA20-705E0242D527}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{92FC89A4-FCD9-4880-A706-9BC5E9613042}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{95760D62-7D65-429A-8373-ADDBD25BB006}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9D79F2CF-D34C-4F6F-8CB2-01966BD0EB98}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{A1D99B44-24F6-44D4-9915-9C220B818BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A968A283-D2E6-4956-B835-4CC17A128E14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA1E5082-6507-4A9F-BE2A-1A5D79ED2936}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD37DCF9-D85A-4D96-949D-74E4BE6343D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B277A8A9-926D-4AD7-BC47-EED8446FA544}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B5FAAF81-42F8-43CD-9680-F72648BCF9DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BADDBA00-4224-4487-AE29-36D68461FF0C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BB6CD3D2-5B21-4C8E-BD01-826CA63EE8CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD358423-C358-41E9-ACDB-AE3A89CF05B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{BE26E693-D712-4546-8822-1FB8152BD79F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C5D2E746-9C0A-4F9A-A51E-AC282C43DD5D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9721C09-8E0D-4B04-B2C1-BDBFD36AD50D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9B26F93-1166-4861-9629-915F8F3C5B95}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{CE302D7C-9119-47B6-AC88-3E6B0CE59589}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D35EE08C-F7F7-4BFC-B91A-27FD21C2B37F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{DDBD9B19-5270-4201-94AA-DDA1DD299C7E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{E2661590-7463-4915-891D-4E115ED8B1E1}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{E57EE8EE-CA4C-468F-AEC6-A32588C6EBE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{EC279E44-08CB-473A-BC53-DC48823F954E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{F7487ED9-14F8-438D-AB2D-D629A246FA3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\launcher.exe |
"{F9D0841A-4293-49FE-9D1E-7CA95FB020BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAF63D86-FE0F-41B0-A493-EC4F884F5A2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0B0D7633-EA6F-441C-B823-84E2C31E13E5}C:\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\ut2004\system\ut2004.exe |
"TCP Query User{15E61B82-DC80-401B-A8E3-C88A294B0CA6}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E6B7F748-99EE-4ECC-9B5D-1253A5B360A0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{EABA9E59-1FE4-494C-A520-41A491F489CE}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe |
"UDP Query User{0D7EB447-037A-4AC8-80C9-742AF2384023}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe |
"UDP Query User{3C3FAC12-AAF4-4AA2-B598-76356DD7FEA0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{5BA583F7-A460-486F-A096-EA1CEB098EEA}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C9D29781-F7C1-479E-9F18-C772E290953C}C:\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\ut2004\system\ut2004.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0210B563-198E-5A4B-E757-7BC4AC7677F8}" = AMD AVIVO64 Codecs
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{49384799-E541-8F8D-B376-4F8AD3AACC24}" = AMD Drag and Drop Transcoding
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1c
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11373106-6476-4C56-9E1E-88A1CD9F8809}" = Scrabble3D
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6D62F1D-E3D6-E982-48B4-A20663B1FB7D}" = HydraVision
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Any Video Converter_is1" = Any Video Converter 3.2.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup.divx.com" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"eVer-Craft_is1" = eVer-Craft
"facemoods" = Facemoods Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Gamers.IRC" = Gamers.IRC 6.00
"GamersFirst LIVE!" = GamersFirst LIVE!
"ICQToolbar" = ICQ Toolbar
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Recorder Studio_is1" = MP3 Recorder Studio 6.0
"OpenAL" = OpenAL
"Optimizer Pro_is1" = Optimizer Pro v3.0
"PokerStars" = PokerStars
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UT2004" = Unreal Tournament 2004
"VLC media player" = VLC media player 1.1.6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Creator" = FoxTab PDF Creator
"Game Organizer" = EasyBits GO
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.07.2012 09:11:32 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 16.07.2012 09:11:32 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3120
Error - 16.07.2012 09:11:32 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3120
Error - 16.07.2012 09:11:35 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 16.07.2012 09:11:35 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6349
Error - 16.07.2012 09:11:35 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6349
Error - 17.07.2012 12:38:22 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cea18 ID des fehlerhaften
Prozesses: 0x444 Startzeit der fehlerhaften Anwendung: 0x01cd643a68aae760 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: d23baed0-d02d-11e1-8554-0024217aa999
Error - 17.07.2012 12:45:22 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x73f9e294 ID des fehlerhaften
Prozesses: 0x668 Startzeit der fehlerhaften Anwendung: 0x01cd643ac8a43d60 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: cc5be8d0-d02e-11e1-8554-0024217aa999
Error - 17.07.2012 12:46:30 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: AcroIEHelpe170.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x500572da Ausnahmecode: 0xc0000005 Fehleroffset:
0x6a0194ca ID des fehlerhaften Prozesses: 0x15e0 Startzeit der fehlerhaften Anwendung:
0x01cd643add0fbf90 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Pfad des fehlerhaften Moduls: AcroIEHelpe170.dll Berichtskennung:
f52233f0-d02e-11e1-8554-0024217aa999
Error - 17.07.2012 12:49:42 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: com.apple.WindowsContacts.client.exe,
Version: 17.17.0.77, Zeitstempel: 0x4f186178 Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset:
0x000cea18 ID des fehlerhaften Prozesses: 0x1548 Startzeit der fehlerhaften Anwendung:
0x01cd643c28d7e7d0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common
Files\Apple\Mobile Device Support\com.apple.WindowsContacts.client.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 67538a50-d02f-11e1-8554-0024217aa999
[ System Events ]
Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.07.2012 13:13:41 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Media Player-Netzwerkfreigabedienst erreicht.
Error - 17.07.2012 13:13:41 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053
Error - 17.07.2012 13:14:23 | Computer Name = hanebüchen-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 19.07.2012 04:30:18 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Live ID Sign-in Assistant erreicht.
Error - 19.07.2012 04:30:18 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
I really hope you can help me, many thanks in advance!